Full Disclosure mailing list archives
Re: What the f*** is going on?
From: Fredrick Diggle <fdiggle () gmail com>
Date: Thu, 24 Feb 2011 21:30:39 -0800
I'm the first one among many who want to learn RE and low level things, but I think both of the sides are complex enough.
I am not sure if you follow the teachings of Fredrick Diggle but to paraphrase you may imagine security as a disc. On one side you have web app security (for illustrative purposes let us imagine this thusly)

         , - ~ ~ ~ - ,
     , '               ' ,
   ,                       ,
  ,                         ,
 ,                           ,
 ,          alert()          ,
 ,                           ,
  ,                         ,
   ,                       ,
     ,                  , '
       ' - , _ _ _ ,  '

On the other side you have low level security with mountains of stale objects and ROP payloads cascading over waterfalls of executable pages. We flip the disc over and envision this...

         , - ~ ~ ~ - ,
     , '               ' ,
   ,                       ,
  ,                         ,
 ,                           ,
 ,       MOV al, 0x0b        ,
 ,                           ,
  ,                         ,
   ,                       ,
     ,                  , '
       ' - , _ _ _ ,  '

Now your average hacker is handed this disc and stares intently at a side. The swirling colors, the endless complexity, it becomes all engrossing. But the Diggle teaches that we must examine a side only for a time, we then flip the disc and appreciate the majesty that is the flip side. Then after a similar period another flip and another and another until the two sides blend into a single sphere. Only then does the student realize that the target system encompasses all of this and that the alert box is simply an object which can be used after free() like any other.

Tangentially, I prefer to look at this sphere after drinking thus seeing two of them side by side.

         , - ~ ~ ~ - ,                   , - ~ ~ ~ - ,
     , '               ' ,           , '               ' ,
   ,                       ,       ,                       ,
  ,                         ,     ,                         ,
 ,                           ,   ,                           ,
 ,       MOV al, 0x0b        ,   ,       MOV al, 0x0b        ,
 ,                           ,   ,                           ,
  ,                         ,     ,                         ,
   ,                       ,       ,                       ,
     ,                  , '          ,                  , '
       ' - , _ _ _ ,  '                ' - , _ _ _ ,  '

Fredrick Diggle Esq. YAY!
Isn't your colleague Michal more focused on web app security nowadays?
Cheers antisnatchor
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/